In recent weeks, Verizon and AT&T have been caught up in a privacy firestorm over their use of so-called "permacookies," a method of tracking what their users do while browsing the Web with the intent of sharing that data with advertisers. Verizon's permacookie program lives on, but AT&T has ceased the practice, ProPublica reported on Friday.

At least for now.

AT&T tells ProPublica that its use of permacookies was "part of a test," which has since wrapped up, but the company says that it "may still launch a program to sell data collected by its tracking number." For its part, AT&T says that it will allow customers to opt out of the program if--or when--it decides to use permacookies for advertising purposes.

The story behind the story: Permacookies aren't cookies in the traditional sense: Instead, they're unique identifiers appended to website addresses you type in on your device that let carriers see what kinds of sites you visit.

Permacookies exist for the same reason traditional tracking cookies exist--so advertisers can see what sorts of things you might be interested and serve up related ads in the hopes that you'll click on them. But unlike regular tracking cookies, which you can easily delete from your browser or block entirely, there's no way of removing or blocking permacookies since they're handled entirely by the carrier.

Permacookies here to stay?

Despite the outcry from consumers and activists, it's hard to shake the feeling that permacookies aren't going away now that the proverbial cat is out of the bag. Both Verizon and AT&T have said they allow (or will allow) customers to opt out of the advertiser data sharing program, as ProPublica notes (though Verizon won't let you opt out of the identifier program), but you're still very much at the mercy of the carriers.

If you're on Verizon and are concerned about the privacy implications, our Ian Paul has a couple suggestions: First, use Wi-Fi instead of the cellular network whenever possible so you bypass Verizon's network entirely. If that's not practical, though, consider using a VPN to help keep your Web browsing private.

Latest Videos

​Email fraud is nothing new, but online criminals have become ever more-effective at spoofing their identities to trick employees into sending them money. The Australian Centre for Cyber Security (ACSC) recorded losses of over $20M to business email compromise (BEC) attacks last year alone, up 230 percent over the previous year – and the full amount is certain to be much larger.​

No matter how robust your security, or how diligent your employees, network credentials are a free pass for cybercriminals. This is mostly because employees are relied upon for their own password management. And with more than 4.8 billion sets of stolen credentials said to be available online, odds are that at least a few of your employees’ user IDs and passwords are just waiting to be used by unscrupulous outsiders. Are you ready to stop them?

Cyber resilience will be particularly important as Australian organisations face increased pressure to quickly detect, respond to, and manage the repercussions of breaches in the wake of 2018’s Notifiable Data Breaches (NDB) scheme.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.